MENU
Close
Basket
Back
Privacy policy

1. Who are we?

The LDLC group presentation is available in the following link: https://www.groupe-ldlc.com/presentation-du-groupe/

The LDLC group is composed of several companies and merchant websites.

The LDLC GROUP's privacy policy aims to:

This policy has been drawn up in compliance with the provisions of the General Data Protection Regulation ("RGPD") and the amended 1978 Data Protection Act. It is likely to evolve according to the regulations, the jurisprudence and the doctrine of the control authorities.

2. Who is responsible for processing your data?

GROUPE LDLC and its subsidiaries (hereinafter "GROUPE LDLC"), which are responsible for processing personal data on their websites, collect information about you, particularly when creating a Customer Account or making purchases.

As the person who determines the purposes and means of the processing, the person responsible for the processing is GROUPE LDLC as well as the various companies in the group such as :

 

Contact details of GROUPE LDLC's head office and its subsidiaries:

Head office address:  2 rue des Érables, 69760 Limonest (France)
Phone number: +33 (0)4 72 52 37 77
E-mail address: dpo@groupe-ldlc.com

3. What type of data do we collect? 

We collect the data necessary to fulfil a specific purpose.

The following data collected may be used as a legal basis:

 

The following table sets out all the information provided when data is collected from a person (Article 12 of the GDPR).

4. What kind of operations are carried out?

 

Types of operationsData concernedPurposeLegal basisRecipients
Commercial and marketing activitiesIdentity; Contact details; Commercial exchanges linked to the implementation of projects; Statistics The purpose of this processing is to enable commercial operations, including:
  1. Carrying out statistics
  2. Improvement of the website
  3. Development of the sales strategy
  4. Carrying out satisfaction surveys
Consent (article 6.1.a of the GDPR)

Legitimate interest, i.e. information and promotion on similar products and services (Article 6.1.f og the GDPR)

Internally: communication and marketing departments

Externally: our IT and marketing services providers

Phone calls recordingTelephone conversation The purpose of this processing is to:
  1. Carry out satisfaction surveys and customer studies
  2. use it as example for staff training
Legitimate interest, i.e. carrying out satisfaction surveys and customer studies, as well as staff training (Article 6.1.f of the GDPR) Internally: the department in charge of customer relations
Contact formsIdentification data;
Date and subject of the request;
Follow-up;
Activity statistics		The purpose of this processing is to respond to your requests. It allows:
  1. The reception of requests sent
  2. The management of the these requests' follow-up
  3. To carry out statistics
Execution of a pre-contractual or contractual measure (article 6.1.b of the GDPR)

Legitimate interest in meeting the expectations of users of the website (Article 6.1.f of the GDPR)

Internally: departments in charge of processing your request

Externally: the IT services provider

Customer managementIdentification dataThe purpose of this processing is to:
  1. Manage contractual relationship
  2. Carry out statistics
  3. Carry out satisfaction surveys and customer studies
  4. Manage complaints, after-sales service and guarantees/warranties
Consent (article 6.1.a of the GDPR)

Performance of a contract (article 6.1.b of the GDPR)

Compliance with a legal obligation (article 6.1.c of the GDPR)

Internally: Group entities in charge of processing your request, our services providers and subcontractors
Purchases managementIdentification data;
Payment data;
Transactions data;		The purpose of this processing is to:
  1. Manage contractual relationship
  2. Manage complaints, after-sales service and guarantees/warranties
  3. Manage accounting operations
  4. Improve offers
Performance of the contract (article 6.1.b of the GDPR)

Compliance with a legal obligation (article 6.1.c of the GDPR)

The department in charge of sales management
Reviews managementIdentification data;  Transactions data;The purpose of this processing is to:
  1. Comply with transparency criteria
  2. Make the processing of reviews more reliable
  3. Carry out statistics
Consent (article 6.1.a of the GDPR)

Legitimate interest, namely the smooth operation of the website (Article 6.1.f of the GDPR).

Internally: communication and marketing departments, our IT services provider

Externally: reviews are intended to be published "individually" but are subject to moderation

Rights managementIdentification dataThe purpose of the processing is to ensure the management of your rights as covered by the GDPR and the French Data Protection Act (amended)Compliance with a legal obligation (article 6.1.c of the GDPR)Internally: the DPO and the persons authorised to ensure the management of your rights

Externally: certain regulated professions (lawyers)

Management of outstanding bills and complaintsIdentification data;
Payment data;
Transactions data;		The purpose of this processing is to:
  1. Manage contractual relationship
  2. Manage accounting operations
  3. Manage the data controller's rights
Performance of the contract (Article 6.1.b of the GDPR)

Compliance with a legal obligation (Article 6.1.c of the GDPR)

Legitimate interest namely the smooth operation of the website (Article 6.1.f of the GDPR)

Internally: accounting department

Externally: authorised service providers which may include regulated professions (lawyers, auditors)

Fraud managementIdentification data;
Payment data;
Transactions data;
Navigation and sign-in data.		The purpose of this processing is to:
  1. Prevent and fight against illegal activities or those not authorised by the terms of use
  2. Identify proven unpaid invoices
  3. Identify persons in a situation of non-payment for the purpose of exclusion from future transactions
Compliance with a legal obligation (Article 6.1.c of the GDPR)

Legitimate interest of the website (Article 6.1.f of the GDPR)

Internally: accounting department

Externally: financial authorities, judicial or state agencies, public bodies on request and to the extent permitted and justified by the regulations

Verification of compliance with the controller's business conditions Identification data;
Payment data;
Transactions data;
Navigation and sign-in data.		Verifying compliance with the controller's business conditions (e.g. during contests, purchase restrictions, etc.)Legitimate interest in complying with business conditions (Article 6.1.f of the GDPR)Internally: the department in charge of the orders verification
Promotional campaigns managementIdentification dataThe purpose of this processing is to:
  1. Select suppliers
  2. Develop a commercial strategy
  3. Carry out statistics
Consent (article 6.1.a of the GDPR)

Internally: the department in charge of the sales management

Externally: service providers authorised to process the data you send us and which enable us to offer you the displayed services

Social network managementIdentification data visible by default on the platformsThe purpose of this processing is to:
  1. Interact between our Group and subscribers (sales management)
  2. Technically administrate the networks
  3. Carry out statistics
Consent (article 6.1.a of the GDPR)

Legitimate interest, namely the smooth operation of the website (Article 6.1.f).

Internally: communication department

Externally: social network platforms' visitors

Customer 360 program

Learn more about

Identification data and data relating to customer orders (surname, first name, telephone number, email address, postal address, order number, etc.).This program aims to offer a real multi-channel experience to the customers of the various LDLC.COM brands (branches, franchises, subsidiaries) for sales managementLegitimate interest, i.e. multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.) Consent for the personalised customer area.GROUPE LDLC, its franchises, subsidiaries and branches
Questions/answers program

Learn more about

Customer account data required to manage the program.To allow Internet users (customers or prospects) authenticated on the GROUPE LDLC website, to obtain additional information on the product sheet:
  1. By asking questions
  2. By being informed of the answers to questions
  3. By answering questions
  4. By voting for the answer(s)'s relevance
  5. Checking compliance with the program's terms of use

Legitimate interest, i.e. obtaining information about a product or service.

Consent for a personalised customer account and the posting of information (questions, answers or votes).

Contract execution (compliance with the terms of use of the program).

GROUPE LDLC, its franchises, subsidiaries and branches
Online browsing (cookies)Browsing data, Duration of your visit, Technical information (IP address, browser used, etc.) The purpose of this processing is to:
  1. Ensure the maintenance of the website and its smooth operation
  2. Improve the website interactivity (services offered by third party websites such as sharing buttons)
  3. Spread appropriate content according to the device used.

Consent
(Article 6.1.a of the GDPR)

Legitimate interest, i.e. the smooth operation of the website for functional cookies (Article 6.1.f of the GDPR).

Internally: communication department

Externally: our IT services provider

NewsletterIdentity; date of subscription; statisticsManagement of subscriptions; Management of emailings; Statistics relatedConsent (Article 6.1.a of the GDPR)

Internally: communication department


Externally: our IT and communication services providers

HiringIdentification data and professional data appearing in particular in the CV and the cover letters.The purpose of this processing is to enable hiring operations: processing of applications (CV and covering letter) and management of interviews. 

Consent (Article 6.1.a of the GDPR)


Execution of a pre-contractual measure (Article 6.1.b of the GDPR)

Internally: departments in charge of hiring operations.


Externally: any recruitment agencies and temporary employment agencies

5. Who are the recipients?

In addition to the recipients indicated above, and in order to accomplish the above-mentioned purposes, we disclose your personal data only to:

6. What are the retention periods?

GROUPE LDLC keeps personal data for a period that does not exceed the time required for the purposes for which they are collected in accordance with the provisions of the amended law of 6 January 1978 and the RGPD.

The data may be stored at a later date in the following cases where retention is necessary:

The criteria for determining retention periods are as follows:

 

Credit cards are only saved after an explicit request from the customer, on the payment page (if this option is suggested). They are kept for future orders in order to improve your shopping experience on our sites. The cards saved for future purchases are kept in a secure area by our payment provider. GROUPE LDLC does not keep this information. You can delete your saved card at any time on the payment page.
 

Cookies have a limited lifespan of thirteen months after their first deposit in the user's terminal equipment (following the expression of consent), as recommended by the CNIL (Commission Nationale Informatique & Libertés, the French Data Protection Agency). You can change your preferences at any time via the cookie manager, the link to which can be found at the bottom of our websites. To find out more about cookies and how we are committed to using them, please visit this page.


Sales management: Your data is kept for the duration of the contractual relationship and in accordance with the statute of limitations relating to the conservation or protection of the rights of the data controller.


Accounting and tax operations management: Accounting and tax data are kept for a period of 10 years.


Sales operations management: The data is kept until the withdrawal of consent or 3 years from the last contact. It may also be kept :
– For a period of 3 years from the last contact that the persons to whom they relate had with our company;
– After the execution of the contract, for intermediate archiving, to meet accounting or fiscal obligations or to constitute evidence in the event of dispute and within the limit of the applicable retention period.

The data of the customer account, created by the latter, are intended to be kept until the account is deleted by the user. However, the account may be considered inactive if it is not used for 2 years and may be deleted.


Sales operations management: When a person exercises his or her right to object prospection, in order to guarantee its effectiveness, the information enabling this right to be taken into account is kept for a minimum of 3 years from the exercise of the right.


Reviews management: Upon request of the author of a review, GROUPE LDLC offers the possibility of unpublishing a review, while retaining traceability for the purpose of subsequent verification of the review. GROUPE LDLC may delete reviews in the event of a change of owner and/or complete renovation of an establishment, or a change in the substantial characteristics of a product or service. GROUPE LDLC will keep a history of deleted reviews, and all documents attached to the reviews, on the site and the reason for their deletion for a maximum period of one year from the date of deletion of the review.


Unpaid invoices management: In cases of non-payment, the data are deleted from the file of persons in a situation of non-payment no later than 48 hours from the time when the non-payment is effectively settled. Exceptionally, and when necessary and proportionate circumstances justify it, the data may be kept in order to prevent recurrence. In the event of non-compliance, the information may be kept in the file listing the persons concerned for up to 3 years from the date of the non-payment. It may then be archived to meet accounting and tax obligations or serve as evidence in the event of litigation within the applicable limitation period.


Telephone conversation recording: recordings are kept for a maximum of 6 months.


Supporting documents sent to the Customer Service: the purpose of processing supporting documents is to fight fraud and unpaid invoices. The data is kept for 30 days from the month following their receipt and 24 months from the date of the transaction in the event of a dispute. Copies of credit cards are immediately deleted.


Newsletters : You can unsubscribe from newsletters at any time by clicking on the link provided in the email or directly from your Customer Account.

7. Who has access to personal data?

The data controller does not sell or share your data with third party business partners. Some of our employees may have access to data that is necessary for the performance of their duties.

Our various service providers may have access to data for the performance of their contracts, in accordance with the purposes set out above and the regulations.

Data may be transferred in the context of corporate transactions (mergers, acquisitions, disposals, restructuring, etc.).

Authorised third parties" (public authorities or judicial officers) are bodies that can access certain data contained in public and private files, on the basis of a text authorising them to do so.

As part of the 360 customer program, which aims to offer a real multi-channel experience to customers, data is shared between the various LDLC.COM brands (branches, franchises, subsidiaries): customers who have an email address and who are the result of this data transfer will have a web account created following their migration to the new checkout software. However, the account will only be activated when the customer has changed their password on the website at the time of their first connection. The legal basis for this processing is the legitimate interest, namely the multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.) and the consent for the personalised customer area.

8. Do we transfer data abroad?

Your data is not transferred to third countries and remains hosted within the European Union.

For features related to the use of social networks, your posts may be accessible outside the European Union. We invite you to consult the data management policy of the networks concerned.

9. Security

We are committed to ensuring the security of your personal data through strict procedures within our company.

For data collected "online", communications are encrypted between the Internet user's computer and our servers (HTTPS secure zone). GROUPE LDLC undertakes to make every effort to protect your personal data. Within GROUPE LDLC, only those persons who, due to their functions, have a legitimate interest in accessing your information will have access to it. In the context of technical operations, your data may also be hosted by our subcontractors. These subcontractors are rigorously selected and act in accordance with our instructions.

10. Rights of individuals / your rights

Individuals have the following rights, which they can exercise under the conditions set out in the GDPR:

 

Consult the cnil.fr/en/ website for further information on your rights.
These rights can be exercised directly with the data controller.

11. Exercising your rights

To exercise these rights or if you have any questions about how you personal data is processed, we invite you to use the following for: LDLC.com.

Vous pouvez également contacter Groupe LDLC et ses filiales aux coordonnées suivantes, notamment pour les données relatives à un autre site :

12. Complaints

If, after having contacted us, you believe that your rights have not been respected, you may submit a complaint to a control authority.

The French Data Protection Agency is the Commission Nationale de l’Informatique et des Libertés (CNIL).

Date of last update: 28.04.2022